10.2 Nonconformity and Corrective Action [ISO 45001 with Procedure]

What is Nonconformance & Corrective Action for ISO 45001?

A nonconformity is a non-fulfilment of a requirement of the OH&S management system and or a legal requirement.

Contents

• What is Nonconformance & Corrective Action for ISO 45001?
• Step 1: Define the Problem and Select Interim Containment Action
• Step 2: Identify the Root-cause
• Step 3: Develop Root-cause Theories
• Step 4: Implement and Validate Permanent Corrective Actions
• Step 5: Prevent Recurrence
• Nonconformity & Corrective Action Procedure [Template download]

Identifying Nonconformities

Nonconformities can be identified during any number of activities, including:

• Risk assessment and review
• Monitoring and measurement activities
• Routine supervisory inspections
• Failure to wear personal protective equipment
• Failure to report defective plant or machinery
• Training record not available
• No maintenance schedule provided for extraction system
• Complaint
• Leaking oil from compressor on floor
• No MSDS for a chemical available
• Non-compliance with a license condition
• Reviews, examinations, inspections and audits

What to Do with a Nonconformity?

Recommendations whether emanating from audits, assessments, hazard reports, or incidents should be recorded and actioned as appropriate. In most cases the recommendations must be actioned at source but nevertheless recorded as this will facilitate statistical analysis going forward.

Other recommendations must be assigned to appropriate personnel with a target date and tracked for completion by the Health and Safety Department.

Appropriate personnel may usually be Line Management who may delegate actions but who will report back to the Health and Safety Dept upon completion, depending on the nature of the findings.

Changes to the OH&S Management System must recorded as must all document changes. Recommendations will then feed back into the system which can be updated as necessary and used for training purposes in the future.

Tracking should take place on a monthly basis by the Health and Safety Dept. Serious safety issues must however be actioned immediately.

Senior Management must review the progress on any outstanding recommendations and take the necessary action to expedite completion.

There may be instances where it is impossible to completely eliminate the cause of nonconformity, so in instances, the best organizations can do is to reduce the likelihood or the consequences of a similar occurrence happening again in order to reduce the risk to an acceptable level.

A corrective action should be considered as a reactive response to a problem since it is taken when a nonconformance is detected or upon receipt of a customer complaint.

Step 1: Define the Problem and Select Interim Containment Action

The problem description should describe the problems in terms of what, where, when, and how big.

The description should contain facts; such as observations and documentary evidence and not assumptions.

All information must be gathered before identifying the root-cause can begin. Make sure both of the above factors are true before you move to the next step. Consider any new information that the team may have gathered since completing the initial problem description.

Define, verify and implement the interim containment action to isolate the effects of the problem from any internal/external customer until permanent corrective actions (PCA) are implemented. Validate the effectiveness of the containment actions.

An interim containment action is kept in place until a verified permanent corrective action can be implemented. In some cases, the interim containment action may be the same as or similar to the emergency response action. However, an emergency response action is implemented with minimal supporting data. An interim containment action provides more opportunity for investigation.

Any interim containment action you implement must protect the customer from the problem without the introduction any new problems. Also, a single interim containment action may not be enough. You may need to implement more than one interim containment action to fully protect the customer.

An interim containment action can be any action that protects the customer from the problem. However, before you implement an interim containment action, you need to verify that the interim containment action will work.

To Verify the Interim Containment Action:

1. Prove before implementation it protects the customer from the problem
2. Provide a before-and-after comparison
3. Prove that the interim containment action will not introduce any new problems

Methods of Verification may Include:

• A test to determine the desired performance level
• A demonstration that changes eliminated the issue without creating a new problem
• A comparison between the interim containment action and similar proven actions
• A review to evaluate whether the interim containment action was effective
• Assurance that the interim containment action did not introduce a new problem

Conduct trial runs whenever possible. However, in some situations, your verification may simply be a matter of common sense. For example, if an interim containment action involves stopping the shipment of all products, you can be sure that customers will stop experiencing the problem.

Inmplementing the Action

You and your team must consider all of the trade-offs connected to your interim containment action. An important part of implementing an interim containment action is planning how you will implement the action.

To Implement an Interim Containment Action, follow this Management Cycle:

• Plan (Re-plan)
• Do (Implement)
• Check (Monitor)
• Act (Evaluate)

Step 2: Identify the Root-cause

Isolate and verify the root-cause by testing each possible cause against the problem description and test data. Also isolate and verify the place in the process where the effect of the root-cause should have been detected and contained (escape point).

Root-cause analysis (RCA) is a class of problem-solving methods aimed at identifying the root-causes of problems or events. The practice of RCA is predicated on the belief that the problems are best solved by attempting to correct or eliminate root-causes, as opposed to merely addressing the immediately obvious symptom. By directing corrective measures at root-causes, it is hoped that the likelihood of problem recurrence will be minimized.

The general principles of root-cause analysis include:

1. Aiming performance improvement measures at root-causes is more effective than merely treating the symptoms of a problem.

2. To be effective, RCA must be performed systematically, with conclusions and causes backed up by documented evidence.

3. There is usually more than one root-cause for any given problem.

4. To be effective the analysis must establish all known causal relationships between the root-cause(s) and the defined problem.

General Process for Performing and Documenting an RCA-based Corrective Action

Notice that RCA (in steps 3, 4 and 5) forms the most critical part of successful corrective action, because it directs the corrective action at the root of the problem. That is to say, it is effective solutions we seek, not root-causes.

Root-causes are secondary to the goal of prevention, and are only revealed after we decide which solutions to implement.

1. Define the problem
2. Gather data/evidence
3. Ask why and identify the causal relationships associated with the defined problem
4. Identify which causes if removed or changed will prevent recurrence
5. Identify effective solutions that prevent recurrence, are within your control, meet your goals and objectives and do not cause other problems
6. Implement the recommendations
7. Observe the recommended solutions to ensure effectiveness

Examples Root-cause Analysis Techniques Include:

• 5-Whys
• Failure mode and effects analysis
• Pareto analysis
• Fault tree analysis
• Cause Mapping - A problem solving method that draws out, visually, the multiple chains of interconnecting causes that lead to an incident
• Barrier analysis - a technique often used in particularly in process industries
• Change analysis - an investigation technique often used for problems or incidents

Basic Elements of Root-causes Include:

1. Materials
2. Defective raw material
3. Wrong type for job
4. Lack of raw material
5. Machine/Equipment
6. Incorrect tool selection
7. Poor maintenance or design
8. Poor equipment or tool placement
9. Defective equipment or tool
10. Environment
11. Orderly workplace
12. Job design or layout of work
13. Surfaces poorly maintained
14. Physical demands of the task
15. Forces of nature
16. Management
17. No or poor management involvement
18. Inattention to task
19. Task hazards not guarded properly
20. Other (horseplay, inattention)
21. Stress demands
22. Methods
23. No or poor procedures
24. Practices are not the same as written procedures
25. Poor communication
26. Management system failure
27. Training or education lacking
28. Poor employee involvement
29. Poor recognition of hazard
30. Previously identified hazards were not eliminated

To validate those potential root-causes that are under your control, you can apply the following validations to your answers or root-causes.

The 5 Whys

Ask the following questions for every possible root-cause you identify at all levels of the 5 Whys:

1. It there any proof (something you can measure or observe) to support this root-cause determination?
2. Is there any history or knowledge to indicate that the possible root-cause could actually produce such a problem?
3. Is there anything “underneath” the possible root-cause that could be a more probable root-cause?
4. Is there anything that this possible root-cause requires in order to produce the problem?
5. Are there any other causes that could possibly produce the same problem?

Example 1 - Nonconformance:
'Components are being delivered late to our customers'

Why 1 - Why were we unable to meet the agreed-upon timeline or schedule for delivery? The job took much longer than we thought it would

Why 2 - Why did it take so much longer? Because we under estimated the complexity of the job

Why 3 - Why did we underestimate the complexity of the job? Because we made a quick estimate of the time needed to complete it, and did not list the individual stages needed to complete the project

Why 4 - Why didn't we do this? Because we were running behind on other projects

Why 5 and Root-cause - Why are we running behind on other projects? We do not allow enough manufacturing/lead time when issuing quotations to our clients.

Example 2 - Nonconformance:
'The CNC machine keeps failing'

Why 1 - Why did the equipment fail? Because the circuit board burnt out

Why 2 - Why did the circuit board burn out? Because it overheated

Why 3 - Why did it overheat? Because it wasn’t getting enough air

Why 4 - Why was it not getting enough air? Because the filter wasn’t changed

Why 5 and Root-cause - Why was the filter not changed? Because there was no preventive maintenance schedule in place informing the operator to do so.

Comparative Analysis

Once you have reviewed the problem description, you can begin a comparative analysis. A comparative analysis will help you identify relevant changes in a change-induced situation.

Then you can reduce the number of possibilities that you must consider to determine root-cause.

To Complete a Comparative Analysis:

1. Ask yourself; what is unique, peculiar, different, or unusual about the symptoms?
2. Consider features such as people, processes, materials, machines and the environment
3. List all facts without prejudice as to the possible cause

Consider each difference you listed, and look for changes, ask yourself:

1. What has changed to give rise to this difference?
2. Keep in mind that each difference may not have a corresponding change
3. List the changes next to the difference
4. Look at the dates each change occurred
5. Eliminate some changes if they occurred after the problem started
6. Consider categories of people, machines, processes or measurements

If the problem is change-induced, the root-cause must be the result of a change relative to one or more of the identified changes. It is important to remember that you have not yet moved from the ‘observations’ phase of the process.

Any information you develop during the comparative analysis must be fact based, not opinion based and must be true only for the symptom’s information. Do not rule out any facts that might be valid answers.

If it is a fact and it answers the question, write it down.

Step 3: Develop Root-cause Theories

Now that you have narrowed down the possible root-causes, you need to develop theories about how the problem occurred. Theories are statements that describe how a change may have created the problem.

To Develop Root-cause Theories:

1. Use brainstorming techniques to generate ideas
2. Ask: ‘how could this change have caused the problem?’
3. Continue to ask the question until all possible theories are developed
4. List at least one theory for each change
5. List each theory individually on a worksheet
6. List every possibility, no matter how strange or unlikely
7. Don't reject or qualify any theory
8. Start with the simplest single change theory first
9. Then work up to more complex theories
10. Be specific; don't use generalities such as ‘poor quality’ or ‘doesn't work’

To test the theory, do the following:

• Ask, ‘Does this theory explain the symptoms and data, if so how?
• Test the theory against each individual condition

If a theory explains the problem, but lacks information necessary to explain why it happened, gather more data:

1. Gather more data to prove or disprove these theories
2. Test simple (single change) theories first
3. Test highly complex or interactive theories last

The Root-cause Must Explain ALL Known Data

Any theories that pass the trial run are the most likely causes. If only one theory passes the trial run, then verify this theory as the root-cause. However, more than one theory may pass the trial run. In those cases (and when practical and feasible), collect and analyze any missing data for uncertain theories and re-examine information to resolve uncertainties.

If additional information reveals that a theory cannot fully explain why the problem happened eliminate it from consideration.

If it is not feasible to gather and evaluate additional information, try to verify each remaining theory. Start verification with the theory that best explains the symptoms.

Verification

Once you have determined the most likely cause(s), verify that it actually causes the problem. Verification is the proof you need to confirm that you have identified the root-cause. Verification is done passively and actively.

Passive Verification

Passive verification is done by observation:

• 1Look for the presence of the root-cause without changing anything
• If you cannot prove root-cause, then the identified cause is not the root-cause

Active Verification

Active verification is done by manipulating the root-cause variable:

• Implement and remove the root-cause variable to make the problem ‘come and go’
• Both ‘coming’ and ‘going’ are essential tests to confirm the root-cause
• There can be more than one verified root-cause

Escape Point

After you have determined and verified the root-cause, you need to determine the escape point of the problem. An escape point is the point closest to the root-cause at which the problem could have been detected but was not.

Control System

A control system is a system deployed to monitor the product/process and ensure compliance to health and safety requirements.

A Control System Consists Of:

• Responsibilities
• Procedures
• Resources

A control point is a location within the control system at which the product/process is checked for compliance to the health and safety standards.

A product or process may have more than one control point within the system. When you identify the escape point, you can work to improve or establish a system to ensure that if problems occur, they will not go undetected.

To Understand how the Problem Escaped and to Identify the Escape Point:

1. Review the process; focus on the part of the process where the root-cause occurred
2. Determine if a control system exists to detect the problem

If none exists, the development of a new control system must be considered as part of the problem solution.

If a Control System Currently Exists:

1. Identify the control point closest to the root-cause
2. Determine if the control point is capable of detecting the problem

If the control system is not capable, the development of an improved system must be part of the problem solution. If the control point is capable of detecting the problem, then the control point is the verified escape point. Choose and verify permanent corrective actions for the root-cause and the escape point.

Permanent Corrective Actions

Select the best permanent corrective action to remove the root-cause and select the best permanent corrective action to eliminate the escape point.

Verify that both decisions will be successful when implemented without causing undesirable effects.

Steps for Permanent Corrective Actions (PCA) Selection:

1. Establish decision criteria, e.g.; what is feasible
2. Identify possible actions
3. Choose the most appropriate permanent corrective action (PCA)
4. Test and verify the permanent corrective action
5. Re-evaluate the ICA & PCA for the escape point

Step 4: Implement and Validate Permanent Corrective Actions

Plan and implement selected permanent corrective actions. Remove the interim containment action and monitor the long-term results.

Steps for PCA implementation:

1. Develop Action Plan for PCA
2. Implement the PCA Plan
3. Remove the ICA
4. Evaluate the PCA for escape point
5. Perform validation
6. Confirm with the customer that the symptom has been eliminated

Step 5: Prevent Recurrence

Modify the necessary systems, policies, practices and procedures to prevent recurrence of this problem and similar ones.

Make recommendations for systemic improvements as necessary:

1. Review the history of the problem
2. Analyze how the problem occurred and escaped
3. Identify affected parties
4. Identify opportunities for similar problems to occur and escape
5. Identify practices and procedures that allowed the problem to occur
6. Identify practices/procedures that allowed the problem to escape to the customer
7. Analyze how similar problems could be addressed
8. Identify and choose appropriate preventive actions
9. Verify preventive action and its effectiveness
10. Develop action plan
11. Implement preventive actions
12. Present systemic preventive recommendations to the process owner

Serious consequences may occur when the underlying symptoms are not addressed, when the quick fix is accepted as a final, permanent solution.

Excessive reliance on containment or emergency response action will create a repeating cycle.

Problem containment is an addiction that will only get worse until root-causes are found and addressed.

Related Information You Might Find Useful

• ISO 9001 — 10.2 What is Conformity in ISO 9001?
• ISO 9001 — What is Non-conformance in ISO 9001?
• ISO 9001 — 10.2 Corrective Action
• Video — ISO 45001 2018 Clause 10.2 Incident, nonconformity and corrective action

Next ISO 45001 Clause

• 10.2 Incident Investigation

Each ISO 45001 Clause Explained

• Learn More About ISO 45001

Updated: 3rd May 2022
Author: Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

Don’t Try to Manage It All Alone!

Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.

	QMS ISO 9001	EMS ISO 14001	OH&S ISO 45001
Nonconformity & Corrective Action Procedure The purpose of this procedure is to establish the process for identifying, documenting and analyzing nonconformities and mitigating their impacts by implementing appropriate corrective actions. Your organization’s quality management system is geared toward the proactive elimination of actual and potential deficiencies. Nonconformities in products, services, processes and our management system are investigated and action implemented to prevent their occurrence. Forms & Reports also included: Control of nonconformity & Corrective Action Process Activity Map Authority Matrix Corrective Action Process Map CAR & SCAR Log Corrective Action Request Supplier Corrective Action Request > FREE DOWNLOAD - Control of Calibrated Equipment Procedure - this will give you a good idea of what to expect when you purchase the procedure. I'm looking for more Procedures	$19 USD add to cart	$19 USD add to cart	$19 USD add to cart
ISO 9001 + ISO 14001 IMS Corrective Action Template Nonconformity & Corrective Action Procedure - view sample Nonconformity & Corrective Action Process Overview (Turtle Diagram) - view sample Corrective Action Process Map Corrective Action Report A3 Action Plan 5-Whys Worksheet 8D Worksheet Corrective Action Tracker - view sample Action Items Log Supplier Corrective Action Request Improvement Activity Form In-depth Guidance; including Root-cause Analysis Process - view sample Everything you need to prepare for, manage and tighten up your Corrective Action documentation.	$35 USD add to cart
ISO 9001 + ISO 14001 + ISO 45001 IMS Corrective Action Template Nonconformity & Corrective Action Procedure Nonconformity & Corrective Action Process Overview (Turtle Diagram) Corrective Action Process Map Corrective Action Report A3 Action Plan 5-Whys Worksheet 8D Worksheet Corrective Action Tracker - view sample Action Items Log Supplier Corrective Action Request Improvement Activity Form In-depth Guidance; including Root-cause Analysis Process - view sample Everything you need to prepare for, manage and tighten up your Corrective Action documentation.	$35 USD add to cart

• Supplied as fully-editable MS Word or Excel files
• All the templates use styles – making reformatting and rebranding a breeze
• Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.

We are 100% confident in the quality and contents of our products. Used by thousands of organizations around the world, our templates have been sold online since 2002. Please read our Money Back Guarantee.

Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

• Small Businesses – dentists, accountants, engineers
• Large organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first-timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.

FAQs About Our Templates

• Top 10 FAQs
• Payment and Billing
• Downloading and Delivery
• Systems Requirements
• Support
• License and Updates

Ask Us a Question

• Enquiries [email protected]
• Support [email protected]
• Call 0845 054 2886 (UK only)

More Information

• About Us
• Client list